Skip to Content
Home Supplier & Third-Party Security Supplier & Third-Party Security

Supplier & Third-Party Security

0 %

Completed

Course content

Supplier & Third-Party Security

10 XP
Prev Next
Fullscreen Share
Rating
0 0

There are no comments for now.

Join this Course
to be the first to leave a comment.

1. Why do third-party suppliers create security risk?
Third parties may access systems, data, or critical services Third parties are automatically more secure than internal systems Suppliers cannot affect operational environments Vendor relationships eliminate compliance requirements
2. Which of the following BEST describes supplier due diligence?
Assessing supplier security and compliance controls before engagement Allowing suppliers unrestricted access during onboarding Delegating all security responsibility to vendors Approving suppliers based only on cost and delivery speed
3. A vendor requests permanent administrator access “for future troubleshooting convenience”. What is the BEST response?
Grant permanent access to improve support responsiveness Use approved, least-privilege, time-bound access controls Share internal administrator credentials instead Disable logging for vendor sessions to improve performance
4. Which of the following is a common third-party security failure?
Prompt removal of vendor access during offboarding Regular supplier access reviews Excessive or dormant supplier permissions Monitoring privileged vendor activity appropriately
5. Why should third-party access follow least privilege principles?
To reduce unnecessary access and limit potential impact To simplify password sharing across organisations To remove the need for monitoring and auditing To allow suppliers unrestricted operational flexibility
6. What is the primary purpose of supplier security monitoring?
To eliminate all supplier contracts automatically To reduce visibility into vendor activities To avoid incident escalation requirements To maintain oversight of ongoing security and compliance risks
7. Which statement about SaaS providers is MOST accurate?
SaaS platforms eliminate all data protection responsibilities SaaS vendors automatically manage customer compliance obligations SaaS providers still require governance and security oversight SaaS services cannot create operational risk
8. Which of the following should be included in supplier security contracts where appropriate?
Shared administrator credentials for operational efficiency Security obligations and incident notification requirements Exemptions from audit and compliance activities Removal of access governance requirements
9. Why is supplier offboarding important?
Dormant vendor access may create security exposure Offboarding removes the need for security monitoring Former suppliers cannot create operational risk Access reviews become unnecessary after contracts end
10. Which of the following is an example of shadow IT?
Using approved enterprise SaaS platforms Connecting unapproved cloud services without governance review Performing documented supplier risk assessments Following procurement and approval procedures
11. What should employees do if they identify suspicious supplier activity?
Ignore the activity unless a breach is confirmed publicly Escalate concerns through approved reporting procedures Discuss the issue externally before escalation Disable monitoring to reduce operational disruption
12. Why is data protection important in supplier relationships?
GDPR only applies to internal employees Suppliers are exempt from confidentiality requirements Data protection obligations end once contracts are signed Suppliers may process sensitive company or client information
13. Which of the following BEST demonstrates secure supplier governance?
Allowing unrestricted vendor integrations permanently Avoiding documentation of supplier permissions Sharing privileged credentials during urgent support activity Performing regular supplier access and security reviews
14. What is a major risk associated with third-party integrations?
Integrations automatically improve compliance posture Third-party integrations cannot affect cloud security Integrations may introduce excessive permissions or unmanaged access Integrations remove the need for access reviews
15. Why should employees use only approved vendors and services?
Unapproved vendors improve operational flexibility automatically Approved suppliers undergo security and governance review processes Security controls are unnecessary for low-cost SaaS services Unapproved tools cannot affect company systems
16. Which of the following is an example of poor supplier security practice?
Monitoring privileged vendor sessions Conducting due diligence before onboarding suppliers Leaving former supplier accounts active indefinitely Following access approval processes
17. What responsibility do managers and leaders have regarding supplier security?
Support governance, oversight, and risk management activities Leave all supplier security responsibilities entirely to vendors Avoid escalating third-party security concerns Apply governance standards inconsistently based on urgency
18. What may happen if supplier security is poorly managed?
Data breaches, outages, or regulatory consequences may occur Security risks reduce automatically over time Compliance obligations disappear during supplier incidents Third-party outages cannot affect internal operations
19. Which behaviour BEST supports secure third-party management?
Prioritising operational convenience over supplier controls Sharing confidential information informally with vendors Following governance procedures and monitoring supplier access appropriately Avoiding access reviews for long-term suppliers
20. What is the BEST overall approach to supplier and third-party security?
Trust suppliers to manage all security responsibilities independently Apply governance, least privilege, monitoring, and due diligence consistently Minimise oversight to reduce operational overhead Allow unrestricted integrations to improve delivery speed